-rw-r--r-- | fxjs/fxjs_v8.cpp | 4 | ||||
-rw-r--r-- | fxjs/fxjs_v8.h | 1 | ||||
-rw-r--r-- | testing/resources/javascript/array_buffer.in | 68 | ||||
-rw-r--r-- | testing/resources/javascript/array_buffer_expected.txt | 5 |
4 files changed, 76 insertions, 2 deletions
diff --git a/fxjs/fxjs_v8.cpp b/fxjs/fxjs_v8.cpp
index b0e1a1b260..5f9426b643 100644
--- a/fxjs/fxjs_v8.cpp
+++ b/fxjs/fxjs_v8.cpp
@@ -144,11 +144,11 @@ static v8::Local<v8::ObjectTemplate> GetGlobalObjectTemplate(
 }
 
 void* FXJS_ArrayBufferAllocator::Allocate(size_t length) {
-  return calloc(1, length);
+  return length <= kMaxAllowedBytes ? calloc(1, length) : nullptr;
 }
 
 void* FXJS_ArrayBufferAllocator::AllocateUninitialized(size_t length) {
-  return malloc(length);
+  return length < kMaxAllowedBytes ? malloc(length) : nullptr;
 }
 
 void FXJS_ArrayBufferAllocator::Free(void* data, size_t length) {
diff --git a/fxjs/fxjs_v8.h b/fxjs/fxjs_v8.h
index 50b0b2c6d0..bdcf425f53 100644
--- a/fxjs/fxjs_v8.h
+++ b/fxjs/fxjs_v8.h
@@ -111,6 +111,7 @@ class FXJS_PerIsolateData {
 };
 
 class FXJS_ArrayBufferAllocator : public v8::ArrayBuffer::Allocator {
+  static const size_t kMaxAllowedBytes = 0x10000000;
   void* Allocate(size_t length) override;
   void* AllocateUninitialized(size_t length) override;
   void Free(void* data, size_t length) override;
diff --git a/testing/resources/javascript/array_buffer.in b/testing/resources/javascript/array_buffer.in
new file mode 100644
index 0000000000..1f3e32d60d
--- /dev/null
+++ b/testing/resources/javascript/array_buffer.in
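Review bot: The two new guards disagree at the boundary: Allocate accepts `length <= kMaxAllowedBytes` while AllocateUninitialized rejects the same length with `<`, so a request of exactly 0x10000000 bytes succeeds or fails depending on which V8 entry point is used. Pick one comparison for both, e.g. change the second to `return length <= kMaxAllowedBytes ? malloc(length) : nullptr;`. The constant itself, added in the fxjs_v8.h hunk, carries no explanation; a comment such as `// Upper bound on a single ArrayBuffer backing store; larger requests fail allocation rather than exhausting memory (see array_buffer.in).` would record why the cap exists and why the test expects a RangeError. Free() is shown only by its signature line here, so its body is outside the hunk.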
@@ -0,0 +1,68 @@
+{{header}}
+{{object 1 0}} <<
+  /Type /Catalog
+  /Pages 2 0 R
+  /OpenAction 10 0 R
+>>
+endobj
+{{object 2 0}} <<
+  /Type /Pages
+  /Count 1
+  /Kids [
+    3 0 R
+  ]
+>>
+endobj
+% Page number 0.
+{{object 3 0}} <<
+  /Type /Page
+  /Parent 2 0 R
+  /Resources <<
+    /Font <</F1 15 0 R>>
+  >>
+  /Contents [21 0 R]
+  /MediaBox [0 0 612 792]
+>>
+% OpenAction action
+{{object 10 0}} <<
+  /Type /Action
+  /S /JavaScript
+  /JS 11 0 R
+>>
+endobj
+% JS program to exexute
+{{object 11 0}} <<
+>>
+stream
+app.alert("This test attempts to make array buffers until exhausted");
+
+function test(size) {
+  var i, ab, ia;
+  app.alert("Trying size " + size);
+  ab = new ArrayBuffer(size);
+  ia = new Int32Array(ab);
+  for (i = 0; i < size / 4; ++i) {
+    ia[i] = i;
+  }
+  for (i = 0; i < size / 4; ++i) {
+    if (ia[i] != i) {
+      throw('aaaaaaah');
+    }
+  }
+}
+
+try {
+  test(1000);
+  test(2000000);
+  test(4000000000);
+} catch (e) {
+  app.alert("Caught error " + e);
+}
+endstream
+endobj
+{{xref}}
+trailer <<
+  /Root 1 0 R
+>>
+{{startxref}}
+%%EOF
diff --git a/testing/resources/javascript/array_buffer_expected.txt b/testing/resources/javascript/array_buffer_expected.txt
new file mode 100644
index 0000000000..f8f3bf227c
--- /dev/null
+++ b/testing/resources/javascript/array_buffer_expected.txt
@@ -0,0 +1,5 @@
+Alert: This test attempts to make array buffers until exhausted
+Alert: Trying size 1000
+Alert: Trying size 2000000
+Alert: Trying size 4000000000
+Alert: Caught error RangeError: Array buffer allocation failed
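Review bot: The new test never exercises the cutoff it is meant to verify: sizes 1000 and 2000000 sit far below the 0x10000000 cap added in fxjs_v8.h and 4000000000 sits far above it, so a regression in either comparison against kMaxAllowedBytes would go unnoticed. Adding `test(0x10000000);` before the 4000000000 case and recording its outcome in array_buffer_expected.txt would pin the intended boundary, which matters because the two allocator overrides in fxjs_v8.cpp currently compare against the constant differently. The comment `% JS program to exexute` also has a typo; it should read `% JS program to execute`.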